Passwords

Passwords should be more than 12 characters and include a
mixture of upper and lower case letters, numbers, and punctuation.
Sample good password: Egb0y/grl/df! (every good boy
(or girl) deserves fudge).

If you use a mobile device (phone or tablet) to access your campus e-mail
and applications, make sure that device has a screen lock. Don't use anything
easy to guess like a phone number or birth date.

Password cracking abilities are increasing rapidly and security breaches
at online services are all too common. These two factors mean we need even
better password management:

Don't use the same password on multiple services. This includes
a single password with variations: B3tty-Boop1, B3tty-Boop2,
!B3tty-Boop3

Consider using a password manager; reviews here. ACG
staff can help you set this up. The advantage is that you
can use a separate, long and random password for each site (like
z;@AsV!%jE4t75Si3/) and you don't have to remember it.

You are responsible for protecting your passwords for all University
systems. This includes, but is not limited to, the following:

If you ever get a message telling you that you need to e-mail your
password or fill out a web form in order to maintain access
to a system (EECS, UC, bank, anything), it is almost certainly
fake. Forward the message to acg@eecs, and we'll let you know
if it is legitimate.

Do not write any password down and keep it in an accessible place.
If you can't remember a password, then start using a password manager
like LastPass. You set one long passphrase for the password manager,
and then it remembers all of your other passwords.

Do not share your password with anyone, in person or via e-mail.
Systems staff can do everything they need without having your
password, and colleagues, work-study students, etc. should all have
their own passwords. If you need help sharing files or e-mail, ask ACG.

Information Privacy

The California law known as SB 1386 set up special regulations for
personal financial information: social security number, driver's
license number, and bank account or credit information. The best
way to comply with this law is not to store this information on any
computer. If you need this information from someone, ask them to
tell you over the telephone and then shred any no-longer-needed paper
notes when you are done with them. If you receive this information
in e-mail, delete the e-mail as soon as you no longer need it.
(You should also secure your paper files: lock file cabinets whenever
not currently in use, and remove and shred documents that you no
longer need to keep.)

If you have computer files with SB-1386-protected information that
you must keep, please contact ACG so we can work out the safest way
to do so.

Under Federal law (FERPA), student information is also protected.
Whenever possible, do not send student ID numbers and names together
in e-mail. If you must send both to someone, they should be encrypted.
Our recommended method is to upload a file to Box and share it. The
campus has a contract with Box for cloud storage, and the service has
been approved for FERPA-protected data.
Another option is to use an Excel spreadsheet with password protection.
Feel free to ask ACG for help with either of these techniques.

If you work from a laptop or home computer, you *must* not have
any files containing protected data on this computer. Work-related
files should remain in your home directory (H:) or shared project
space and be accessed from there.

Laptops, in particular, are very vulnerable to theft. Do not store
*any* confidential or irreplaceable data on a laptop. We have
anti-theft cables that can be used with departmental laptops;
this is far from a complete solution, but does help. Contact ACG
if you would like one.

Policies

You are responsible for knowing and understanding the University
policies that apply to computing and electronic data. If you
have any questions, ask ACG.

General Online Security Tips

Here are some general tips and advice for online security from the
Anti-Phishing Working Group (APWG) and National Cyber Security
Alliance (NCSA). These may be helpful as you're dealing with your
personal devices (computers, tablets, smartphones, etc.) and online
services.